Library Configuration - niclabs/dtc GitHub Wiki

The configuration file is named config.yaml and it can be in the current working directory or in /etc/dtc/ folder.

The structure is the following:

dtc:
  logfile: /tmp/dtc.log
  general:
    dtc:
      messagingtype: zmq
      nodesnumber: 5
      threshold: 3
    criptoki:
      manufacturerid: NICLabs
      model: dHSM RSA
      description: Distributed HSM using RSA signatures
      serialnumber: "1"
      minpinlength: 3
      maxpinlength: 10
      maxsessioncount: 5
      databasetype: sqlite3
      slots:
      - label: TCBHSM
        pin: "1234"
  sqlite3:
    path: db.sqlite3
  zmq:
    timeout: 10
    publickey: ...
    privatekey: ...
    nodes:
    - publickey: ...
      host: 172.17.1.11
      port: 2030
    - publickey: ...
      host: 172.17.1.12
      port: 2030
    - publickey: ...
      host: 172.17.1.13
      port: 2030
    - publickey: ...
      host: 172.17.1.14
      port: 2030
    - publickey: ...
      host: 172.17.1.15
      port: 2030

The complete config tree is under a dtc key. It has a mandatory section, called general, where we currently define three variables:

  • logfile is the absolute path where the log is going to be saved. If empty or undefined, the log will be printed on the stderr of the program which is using the library.
  • dtc represents the specific configuration used by the server. It defines a messagingType (currently only ZMQ), a nodesNumber value (the total number of nodes that are going to participate in the protocol) and a threshold number (the minimum number of nodes that need to sign a document to declare it as signed correctly).
  • criptoki defines the following Criptoki/PKCS#11 specific variables:
      • manufacturerId is the ID of the manufacturer of the HSM.
      • model is the model of the HSM.
      • description is a brief description of the HSM.
      • serialNumber is the serial number of the HSM.
      • minPinLen is the minimum length for the PINs.
      • maxPinLen is the maximum length for the PINs.
      • maxSessionCount is the maximum number of simultaneous sessions.
      • databaseType is the type of the storage for the HSM. Currently the only value available is sqlite3.
      • slots defines the slots available on the HSM. Each slot has a label field, representing the slot name, and a PIN field, used in token creation only. The HSM creates the slots defined here by default.

Also, there are two extra configurations outside general option:

  • Network Configurations: They define the options for the network driver. Currently, zmq is the only one available, but the implementation allows extending it to other messaging systems. zmq defines the following options:
      • timeout represents the maximum time to wait for a node before declaring it non-responsive.
      • publicKey represents a Base85 public key used by ZMQ CURVE Auth mode. The nodes should communicate in this mode to send and receive encrypted messages.
      • privateKey represents a Base85 private key used by ZMQ CURVE Auth mode. The nodes should communicate in this mode to send and receive encrypted messages.
      • nodes is a list of dictionaries with node information. This list must be of the same size as the nodesNumber variable in general.dtc. Each node is represented by host, port and publicKey parameters (IP/Port/Public Key of the node).
  • Storage Configurations: They define the options for the storage driver. Currently, sqlite3 is the only one available, but the implementation allows extending it to other storage systems. sqlite3 defines the following options:
      • path is the path to the sqlite3 database.

If you need to generate a public/private Base85 key pair for ZMQ Curve Authentication, we recommend using the gencurve utility in the dtcconfig repository.
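The rules above (the nodes list must match nodesNumber, threshold cannot exceed the node count, PINs must fit the configured length bounds, and every CURVE key must be a 32-byte value in ZMQ's Z85 flavour of Base85, i.e. exactly 40 characters) are easy to get wrong by hand and a mismatched config only fails once the nodes try to talk. The following validator is an added example, not code from niclabs/dtc: it builds a configuration dictionary with the same structure as the YAML shown on this page (the keys are constructed sample values, and the key string is the Z85 specification's "HelloWorld" test vector repeated, not a real CURVE key) and checks those invariants. The function names, the assumption that slot PINs must obey minPinLen/maxPinLen, and the use of PyYAML in load_config are this example's own.

```python
"""Added example: check a dtc config.yaml against the rules described on this page.
Not part of niclabs/dtc; function names, the PIN-bound check and PyYAML use are assumptions."""
import os
from typing import Any, Dict, List

CONFIG_NAME = "config.yaml"
SEARCH_DIRS = [os.getcwd(), "/etc/dtc"]          # the two locations the page names

# Z85 (ZMQ's Base85): 5 characters encode one big-endian 32-bit word.
Z85_ALPHABET = ("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
                ".-:+=^!/*?&<>()[]{}@%$#")
Z85_INDEX = {c: i for i, c in enumerate(Z85_ALPHABET)}
SAMPLE_KEY = "HelloWorld" * 4   # constructed placeholder (spec test vector x4), NOT a real key


def z85_decode(text: str) -> bytes:
    """Decode a Z85 string to raw bytes; raises ValueError on malformed input."""
    if len(text) % 5:
        raise ValueError("Z85 length must be a multiple of 5")
    out = bytearray()
    for i in range(0, len(text), 5):
        value = 0
        for ch in text[i:i + 5]:
            if ch not in Z85_INDEX:
                raise ValueError(f"invalid Z85 character {ch!r}")
            value = value * 85 + Z85_INDEX[ch]
        if value > 0xFFFFFFFF:
            raise ValueError("Z85 group overflows 32 bits")
        out += value.to_bytes(4, "big")
    return bytes(out)


def is_curve_key(text: Any) -> bool:
    """A CURVE key is 32 bytes, which is exactly 40 valid Z85 characters."""
    try:
        return isinstance(text, str) and len(text) == 40 and len(z85_decode(text)) == 32
    except ValueError:
        return False


def validate(cfg: Dict[str, Any]) -> List[str]:
    """Return human-readable problems; an empty list means the config is consistent."""
    problems: List[str] = []
    dtc = cfg.get("dtc")
    if not isinstance(dtc, dict):
        return ["missing top-level 'dtc' key"]
    general = dtc.get("general", {})
    d, crypto = general.get("dtc", {}), general.get("criptoki", {})

    logfile = dtc.get("logfile")
    if logfile and not os.path.isabs(logfile):
        problems.append(f"logfile must be an absolute path, got {logfile!r}")
    if d.get("messagingtype") != "zmq":
        problems.append(f"messagingtype must be 'zmq', got {d.get('messagingtype')!r}")
    n, t = d.get("nodesnumber"), d.get("threshold")
    if not isinstance(n, int) or n < 1:
        problems.append("nodesnumber must be a positive integer")
    if not isinstance(t, int) or not isinstance(n, int) or not 1 <= t <= n:
        problems.append(f"threshold must satisfy 1 <= threshold <= nodesnumber, got {t!r}/{n!r}")

    if crypto.get("databasetype") != "sqlite3":
        problems.append("databasetype must be 'sqlite3'")
    min_pin, max_pin = crypto.get("minpinlength", 0), crypto.get("maxpinlength", 0)
    if not 0 < min_pin <= max_pin:
        problems.append("need 0 < minpinlength <= maxpinlength")
    for slot in crypto.get("slots", []):
        pin = str(slot.get("pin", ""))
        if not slot.get("label"):
            problems.append("every slot needs a label")
        if not min_pin <= len(pin) <= max_pin:   # assumption: slot PINs obey the PIN bounds
            problems.append(f"slot {slot.get('label')!r}: PIN length {len(pin)} outside [{min_pin}, {max_pin}]")

    zmq = dtc.get("zmq", {})
    timeout = zmq.get("timeout")
    if not isinstance(timeout, (int, float)) or timeout <= 0:
        problems.append("zmq.timeout must be a positive number")
    for key in ("publickey", "privatekey"):
        if not is_curve_key(zmq.get(key)):
            problems.append(f"zmq.{key} is not a 40-character Z85 CURVE key")
    nodes = zmq.get("nodes", [])
    if isinstance(n, int) and len(nodes) != n:
        problems.append(f"zmq.nodes has {len(nodes)} entries but nodesnumber is {n}")
    for i, node in enumerate(nodes):
        if not node.get("host"):
            problems.append(f"node {i}: missing host")
        port = node.get("port")
        if not isinstance(port, int) or not 1 <= port <= 65535:
            problems.append(f"node {i}: invalid port {port!r}")
        if not is_curve_key(node.get("publickey")):
            problems.append(f"node {i}: publickey is not a Z85 CURVE key")
    if not dtc.get("sqlite3", {}).get("path"):
        problems.append("sqlite3.path is required")
    return problems


def sample_config(nodes: int = 5, threshold: int = 3) -> Dict[str, Any]:
    """Constructed sample with the same layout as the YAML on this page (not a deployment)."""
    return {"dtc": {
        "logfile": "/tmp/dtc.log",
        "general": {
            "dtc": {"messagingtype": "zmq", "nodesnumber": nodes, "threshold": threshold},
            "criptoki": {"manufacturerid": "NICLabs", "model": "dHSM RSA",
                         "description": "Distributed HSM using RSA signatures",
                         "serialnumber": "1", "minpinlength": 3, "maxpinlength": 10,
                         "maxsessioncount": 5, "databasetype": "sqlite3",
                         "slots": [{"label": "TCBHSM", "pin": "1234"}]}},
        "sqlite3": {"path": "db.sqlite3"},
        "zmq": {"timeout": 10, "publickey": SAMPLE_KEY, "privatekey": SAMPLE_KEY,
                "nodes": [{"publickey": SAMPLE_KEY, "host": f"172.17.1.{11 + i}", "port": 2030}
                          for i in range(nodes)]}}}


def load_config() -> Dict[str, Any]:
    """Find config.yaml where the page says it lives (cwd, then /etc/dtc). Assumes PyYAML."""
    import yaml  # imported lazily so the validator itself needs no third-party module
    for directory in SEARCH_DIRS:
        path = os.path.join(directory, CONFIG_NAME)
        if os.path.exists(path):
            with open(path) as fh:
                return yaml.safe_load(fh)
    raise FileNotFoundError(f"{CONFIG_NAME} not found in {SEARCH_DIRS}")


if __name__ == "__main__":
    print("consistent sample:", validate(sample_config()))
    bad = sample_config(nodes=5, threshold=6)                       # threshold > nodesnumber
    bad["dtc"]["zmq"]["nodes"].pop()                                # 4 nodes for nodesnumber 5
    bad["dtc"]["general"]["criptoki"]["slots"][0]["pin"] = "12"     # shorter than minpinlength
    for problem in validate(bad):
        print("-", problem)
```

Run the file directly to see the three problems the deliberately broken copy produces, or call validate(load_config()) once PyYAML is installed to check a real config.yaml before starting the nodes. Because dtc resolves the file from the current working directory before /etc/dtc, the loader mirrors that order so the validator reports on the same file the library would pick up.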